package tyk.preparedstatement;

import java.sql.*;
import java.util.Scanner;

/***
 *@title PSUserLoginPart
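 *@description Console login demo: checks an account/password pair against t_user using a PreparedStatement with bound parameters, so input such as ' or '1' = '1 is handled as data, not as SQL.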
 *@author Tang'ya'kang
 *@VERSION 1.0.0
 *@CREATE 2023/5/3 21:08
 **/
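public class PSUserLoginPart {
    /**
     * Reads an account and a password from standard input and reports whether a
     * matching row exists in {@code t_user}.
     *
     * <p>The query uses {@code ?} placeholders, so both values are sent to the
     * server as bound parameters and never become part of the SQL text.
     *
     * @param args unused
     * @throws ClassNotFoundException if the MySQL JDBC driver class is not on the classpath
     * @throws SQLException if connecting, preparing or executing the query fails
     */
    public static void main(String[] args) throws ClassNotFoundException, SQLException {
        // SQL injection sample input: ' or '1' = '1
        // Concatenated into the SQL text, this would make the WHERE clause always true.
        // With bound parameters it is only a literal string that matches no account.

        // Deliberately not closed: the Scanner wraps System.in, which this method does not own.
        Scanner scanner = new Scanner(System.in);
        System.out.println("请输入登录账号");
        String account = scanner.nextLine();
        System.out.println("请输入登录密码");
        String password = scanner.nextLine();

        // JDBC 4+ drivers register themselves; the explicit load is kept so a missing
        // driver fails here with ClassNotFoundException, as callers of main expect.
        Class.forName("com.mysql.cj.jdbc.Driver");

        // NOTE(review): the root account and its password are hard-coded. Outside a local
        // demo, read credentials from configuration or the environment and connect with an
        // account that only has SELECT on t_user.
        // NOTE(review): the password is compared inside the query, which suggests t_user
        // stores it in plaintext - confirm. Prefer storing a salted password hash
        // (bcrypt/scrypt/argon2) and verifying it in application code.
        String sql = "select * from t_user where account = ? and password = ? ; ";

        // try-with-resources closes the connection and statement even when a later step
        // throws; the original never closed them.
        try (Connection connection = DriverManager.getConnection(
                     "jdbc:mysql://127.0.0.1:3306/javaweb", "root", "123456");
             PreparedStatement preparedStatement = connection.prepareStatement(sql)) {
            preparedStatement.setString(1, account);
            preparedStatement.setString(2, password);

            try (ResultSet resultSet = preparedStatement.executeQuery()) {
                // Any returned row means the account/password pair exists.
                if (resultSet.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        }
    }
}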
